undeliverable mail
Beastie MRA
beastie at mra.co.id
Wed Dec 20 00:16:49 PST 2006
On Dec 20, 2006 02:00 PM, Matthew Seaman
<m.seaman at infracaninophile.co.uk> wrote:
>Beastie MRA wrote:
>>On Dec 20, 2006 10:31 AM, Bill Vermillion <bv at wjv.com> wrote:
>>
>>>It's Wed, Dec 20, 2006 at 09:26 . I'm in a small dim room with
>>>doors labeled "Dungeon" and "Forbidden". There is noise, the door
>>>marked Dungeon flies open and Beastie MRA SHOUTS:
>>>
>>>>Dear All.
>>>>
>>>>For past few days, my MX receive thousand of undeliverable message
>>>>destinated for my non existent user at my domain.
>>>>This message source come from valid and well configured (almost)
>>>>smtp
>>>>server on internet.
>>>>I'ts waste my internet b/w, cause my MX will reject with non
>>>>existent
>>>>user message.
>>>>I'll try spamd on my firewall and greylist on my MX (postfix), but
>>>>still
>>>>no effective, and i cannot block undeliverable
>>>>message as RFC rules
>>>>
>>>>Is there any way i can fix this ?
>>>>Please help
>>>I use the virtusertable in sendmail, and I have my valid addresses,
>>>such as bv at wjv.com bv and then for after that is
>>>a line of @wjv.com nouser.
>>>
>>>And nouser is defined in aliases as nouser: /dev/null
>>>
>>>On one of the mail servers I maintain I just checked and I
>>>had 260,000+ messages routed to "*file*" in the maillog - which
>>>shows up as mailer=*file* in the logs. That maillog rotates
>>>every night at midnight.
>>>
>>>Is not really a freebsd-net problem so I removed that from the
>>>reply to line.
>>>
>>>Bill
>>>
>>>--
>>>Bill Vermillion - bv @ wjv . com
>>
>>Thanks for response...
>>
>>but this virtusertable will not stop SMTP server in internet to keep
>>send you undeliverable message.
>>I assume someone doing nasty with forged and use my domain email to
>>send
>>his spam message to non existing user.
>>and i got undeliverable message.
>>Is there any clue ??
>>Oh.. i forget to mention i use 4.11-STABLE for my MX
>
>Hmmm... SPF records are a good tool against this sort of thing.
>Perhaps if you change from:
>
>mra.co.id. "v=spf1 mx "
>
>to
>
>mra.co.id. "v=spf1 mx -all"
>
>That means that SPF compliant mail servers should refuse to accept
>messages (ie. a hard fail) from any machine other than the MXes for
>mra.co.id See http://www.openspf.org/SPF_Record_Syntax for the full
>story on SPF records.
>
>It's not a 100% solution and it will take the spammers some time to
>realise that forging your address in their e-mails is much less
>effective. On the positive side, it will mean that many mailservers
>reject the incoming spam during the SMTP dialog so you'll get fewer
>bounce messages.
>
>This problem exposes an architectural flaw in many e-mail server
>setups. Either all of the MXes for a domain have to be able to verify
>addresses on incoming e-mails and reject any non-existent destinations
>during the SMTP dialog, or (like Bill does above) once a message has
>been accepted by any of the mail servers for your domain, it should
>never be bounced back to the (probably forged) mail address in the
>headers because the recipient doesn't exist. Bouncing for other
>reasons,
>(like eg. mailbox over quota) does not generally add to the overall
>spam
>load. Normally a very simple site with just one server will get that
>right,
>but a more complex site with several MXes and various SMTP routers etc.
>internally will frequently not.
>
>Cheers,
>
>Matthew
>
>--
>Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
>Flat 3
>PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
>Kent, CT11 9PW
Thanks...
i have problem with SPF record in dns , because i have serveral mobile
users and off site users
that use SMTP provide by internet provider. and i cant list it one by
one in spf record. :(
regards
Reza
More information about the freebsd-questions
mailing list